MICROSOFT HAS FIXED a total of 59 vulnerabilities with its latest batch of Patch Tuesday fixes, though there are no zero-day flaws requiring a plaster this month.
Microsoft has released its latest batch of 'Patch Tuesday' security updates, fixing 59 vulnerabilities in total. The company claims that, this month, there are no zero-day security flaws requiring a quick fix.
Of all the vulnerabilities patched, nine are rated as 'critical,' 49 are rated as 'important,' while one is considered 'moderate' in severity.
The updates cover Windows 10, Dynamics 365, ChakraCore, Internet Explorer, Edge, SQL Server Management Studio, Microsoft Office, Windows Update Assistant, and other programmes.
One of the critical bugs addressed in the latest batch of updates is a remote code execution (RCE) flaw in Windows Remote Desktop Client, which can be exploited by attackers when a user connects to a malicious server.
Indexed as CVE-2019-1333, this flaw affects client machines that connect to servers through Remote Desktop Protocol (RDP).
To exploit the bug, an attacker first needs to compromise an RDP server with malicious code. After that, they must trick the user of a client machine into connecting to the malicious server via DNS poisoning, social engineering or other methods.
If they succeed, attackers can remotely execute arbitrary code on a victim's machine to install malware, view and modify data, and also set up new user accounts with full rights.
Fortunately, this RDP bug is not as dangerous as the wormable BlueKeep bug disclosed by Microsoft a few months ago.
Microsoft has also patched four critical memory corruption vulnerabilities (CVE-2019-1335, CVE-2019-1366, CVE-2019-1307, and CVE-2019-1308) in the Chakra Scripting Engine. These bugs surface when the scripting engine handles some specific objects in memory in the Edge browser. The flaws may lead to RCE, allowing hackers to install programmes, modify sensitive data or create privileged user accounts.
The remaining two critical bugs patched by Microsoft are an RCE bug in the Azure App Service (CVE-2019-1372) and an RCE in the MSXML parser of XML Core Services (CVE-2019-1060).
According to Microsoft, it has no reports so far of any of these vulnerabilities being exploited in the wild. µ